Jaffe Ransomware

By GoldSparrow in Ransomware

The Jaffe Ransomware is an encryption ransomware Trojan that uses AES encryption to make the victims' files inaccessible. The Jaffe Ransomware is typically delivered to victims via corrupted spam email attachments. Once the Jaffe Ransomware is installed, it takes the victim's files hostage and uses them as leverage to demand a ransom payment in exchange for the decryption key needed to restore the compromised data.

The Jaffe Ransomware Attack Targets Your Files

The Jaffe Ransomware uses AES encryption in its attack, targeting user-generated files. These may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Jaffe Ransomware marks the files it encrypts in its attack by adding the file extension '.[Jaffe@Tuta.Io]' to each file compromised by the attack. The Jaffe Ransomware will then deliver a ransom note in the form of a text file named 'READ THIS.TXT' that is dropped on the infected computer's desktop. The full text of the Jaffe Ransomware ransom note reads:

'*** IF YOU WANT TO GET ALL YOUR FILES BACK, FOLLOW THE INSTRUCTIONS ***
No files have been deleted or copied from your computer.
All your files have been encrypted with a complex algorithm.
All your files have been encrypted due to a security problem with your PC.
Your personal key :
---BEGIN PERSONAL KEY---
[random characters]
---END PERSONAL KEY---
What to do next to restore all your files? follow the instructions below.
1. Calm down. Pull yourself together. Everything will be fine. Follow the instructions.
2. Send to the mail Jaffe@Tuta.Io or jaffe@india.com Your personal key. It's also worth to send your internal
IP address (you can find it using the service whatismyipaddress.com).
3. Wait for the answer of our operator (response time 1-3 hours).
Next, you will receive further instructions for file recovery.
- Free decryption of files as a guarantee!
- Send us 3-5 encrypted files.
- The total size of files must be less than 5 Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
*** If you do not receive a reply within 3 hours, create an account on Gmail.com and try again. or just check your email spam.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.'
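
A read-only triage sketch for the indicators described above: the appended '.[Jaffe@Tuta.Io]' extension and the 'READ THIS.TXT' note with its personal-key block. This is an added example, not part of the original write-up; the function names and the sample tree are constructed for illustration, and case-insensitive matching is an assumption.

```python
import os, re, tempfile
from pathlib import Path

# Indicators as reported in the write-up above.
MARKER_EXT = ".[jaffe@tuta.io]"   # appended to every encrypted file
NOTE_NAME = "read this.txt"       # ransom note file name
KEY_BLOCK = re.compile(r"---BEGIN PERSONAL KEY---.+?---END PERSONAL KEY---", re.S)

def is_ransom_note(path):
    """True only if the file also carries the note's personal-key block."""
    try:
        return KEY_BLOCK.search(Path(path).read_text(errors="replace")) is not None
    except OSError:
        return False

def scan(root):
    """Walk root read-only; the original name is whatever precedes the marker."""
    report = {"encrypted": [], "notes": [], "name_only": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(MARKER_EXT):
                report["encrypted"].append((full, name[:-len(MARKER_EXT)]))
            elif name.lower() == NOTE_NAME:
                report["notes" if is_ransom_note(full) else "name_only"].append(full)
    return report

def by_original_type(report):
    """Count affected files per original extension, to scope the restore."""
    counts = {}
    for _full, original in report["encrypted"]:
        ext = os.path.splitext(original)[1].lower() or "(none)"
        counts[ext] = counts.get(ext, 0) + 1
    return counts

def make_constructed_tree(root):
    """Constructed sample data: placeholder files, no real content."""
    note = "Your personal key :\n---BEGIN PERSONAL KEY---\nPLACEHOLDER\n---END PERSONAL KEY---\n"
    files = {"Desktop/READ THIS.TXT": note, "Docs/q3.xlsx.[Jaffe@Tuta.Io]": "",
             "Docs/plan.docx.[JAFFE@TUTA.IO]": "", "Docs/old.docx.[Jaffe@Tuta.Io]": "",
             "Docs/untouched.pdf": "", "Notes/read this.txt": "shopping list"}
    for rel, body in files.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_tree(tmp)
        print(by_original_type(scan(tmp)))
```

Files that match the note's name but lack the key block are reported separately under `name_only`, so an unrelated file with the same name does not inflate the count.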

The Jaffe Ransomware May Also Steal Passwords and Online Credentials

Apart from carrying out a standard encryption ransomware Trojan attack, the Jaffe Ransomware may also be capable of collecting login credentials for FileZilla. This FTP client can then be used to compromise other machines and servers with the Jaffe Ransomware. These hybrid attacks, which combine information collectors and ransomware, are not as common and pose an additional threat to computer users.
